Hi All,
We are working with a vendor to set up a TrustGrid appliance. We have an FTD pair in HA mode that is managed via FMC.
We are migrating the vendor's current network from an existing IPSec tunnel to the TrustGrid appliance based firewall.
The networks will remain the same, except we will have a new subnet that the TrustGrid will live on behind our LAN, behind the Firewall.
The procedure is to add a static route for the vendor's protected network to go to the VIP of the TrustGrid device.
We attempted this, but failed.
Now we are thinking there is something needed on the firewall to allow traffic despite it being tunneled through & the TrustGrid devices being allowed out.
We have existing rules from the IPSec to allow the trusted vendor networks to talk to our networks, but they are for source of the 'Outside' interface to the destination of our 'Inside' interfaces.
Does this need to be changed for 'Inside' to 'Inside' since we are all on the 'Inside' of our LAN now as the TrustGrid device is behind our LAN?
Just trying to wrap our heads around the change!
Thanks for any help!